Have got West Yorkshire police UKASH virus which also attacked external hard drive with norton ghost back up files.
Removed suffix to back ups and now recognised but error message from Symantec of EA39070A appears and can' t access files. If I created another back up of a different hard drive it would create an uninfected file but I assume would overwrite the infected recovery point. Can't get into infected computer which appears also to have Smart Fortress virus as well! All for clicking on a Linkedin recruitment ad!
Won't start in safe mode have tried booting from DVD drive with Msoft Defender which identified virus but couldn't delete. Have created cd recovery discs for avg and kaspersky but when tried as a trial on working computer not recognised. Have written in iso format but when booted don't start. Used Burnaware software but must be doing something wrong although appears as ISO file when check DVD drive.
All my business files and records are corrupted and this could be a total nightmare. Any suggestions v welcome.
Have you check following artcile
dangerous link removed by Moderator
It could be helpful. Give a shot.Message was edited by: Ex_Brit on 10/09/12 11:31:50 EDT AM
Thanks for the thought but can't boot into safe mode or if computer does keeps running a loop and never gets to windows screen. Running XP so may not work as 7. Any other ideas welcome also looking at Smart Fortress thread as it has also infected computer at same time.
By now this thread must have been solved so anyone with a new similar infection please start a new thread, thanks. Locking this one.Message was edited by: Ex_Brit on 10/09/12 11:27:39 EDT AM
Glitton, a summarized explanation of what steps you followed would do the world of good to someone who has almost 20 years of photographs and videos from the family on the verge of meeting the electronic afterlife.
Downloaded ftp://ftp.drweb.com/pub/drweb/tools/matsnu1decrypt.exe as advised by the folks at Dr.Web.
When you run it, it asks for an unencrypted file and the corresponding encrypted version. Point it to the relevant files (via the usual file selection dialogs) and let it do it's stuff. Bingo !
Looks like it uses the same random-ish encryption key for all the files that it affects on a particular machine, hence by providing just one original and its corresponding encrypted version the tool is able to decrypt all files on that system.
Hi all, have just sorted this on my mums PC thanks to DR Web, am just posting to let everyone know what to do to remove the encryption without having to read through several pages and work it out!
Download matsnu1.decrypt.exe off of Dr Webs site, link below.
Run the programe and it will guide you through the process. You need a copy of one of the files which has been decrypted, and a clean copy of the same file (see the importance of backups!).
Select the two files when prompted, and click continue and the programe will do the rest to deal with the encryption.
Hope this helps!
Message was edited by: nickc89 on 04/05/12 09:02:41 CDTMessage was edited by: nickc89 on 04/05/12 09:03:14 CDT
I have run this decryt file and it appeared to be working, however all my decrypted files that have been created are 0 kbytes and are blank. Any ideas on how this could be or what I did wrong
If you followed the Dr Web instructions then the decryption hasn't worked, or their program has a bug in it. If the decryption isn't working then maybe the encryption method has been changed. Either way, you'll need to ask someone at Dr Web to look into this.
You still have the encrypted files? Keep them, delete all the 0-byte 'decrypted' files, and have another go once you've checked with Dr Web.